Hello

On 08.12.21 22:00, mj (li...@merit.unu.edu) wrote:
> Hi Christian,
>
> On 08-12-2021 at 18:17, Christian Mack
> (christian.m...@uni-konstanz.de) wrote:
>> How does the user get its TOTP initialization vector then?
>> She/he can not login without it, but can only scan the QR code while
>> logged into SOGo ;-)
>
> Well obviously it would mean: After the admin forces it, on the next
> login, those users would be required to setup and activate MFA.
>

Good point.
Like enforcing password changes.
You could open an enhancement request for that on
https://sogo.nu/bugs/

>> What for?
>> Either you want to protect your account with 2FA or not.
>> You can use long sessions, therefore only login once a day.
>
> You could require MFA from WAN, and not require it from LAN/VPN, for
> example. That's not unusual.
>> But I understand from your replies that you don't see it that way ;-)
>

Yes, in my opinion that habit is a relic of times, when you could trust
your own network and all devices on it.
In times of bring-your-own-device and using private smartphones all the
time, this does not apply anymore.
Every client can be infected, and should be treated as such.

I know, security is annoying.

Kind regards,
Christian Mack

--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416